From: Libor Peltan <libor.peltan@nic.cz>
Date: Sat, 14 Aug 2021 06:46:40 +0000 (+0200)
Subject: zonemd: fix reporting error when verify fails on load
X-Git-Tag: v3.1.2~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8135843df930fc3bd1ebc32184b4d416903676f8;p=thirdparty%2Fknot-dns.git

zonemd: fix reporting error when verify fails on load
---

diff --git a/src/knot/events/handlers/load.c b/src/knot/events/handlers/load.c
index 00492abd8b..a1fcdd4fca 100644
--- a/src/knot/events/handlers/load.c
+++ b/src/knot/events/handlers/load.c
@@ -248,6 +248,12 @@ int event_load(conf_t *conf, zone_t *zone)
 		goto cleanup;
 	}
 
+	bool zf_serial_updated = (zf_conts != NULL && zone_contents_serial(zf_conts) != zone_contents_serial(zone->contents));
+
+	// The contents are already part of zone_update.
+	zf_conts = NULL;
+	journal_conts = NULL;
+
 	ret = zone_update_verify_digest(conf, &up);
 	if (ret != KNOT_EOK) {
 		goto cleanup;
@@ -255,8 +261,7 @@ int event_load(conf_t *conf, zone_t *zone)
 
 	uint32_t middle_serial = zone_contents_serial(up.new_cont);
 
-	if (do_diff && old_contents_exist && dnssec_enable && zf_conts != NULL &&
-	    zone_contents_serial(zf_conts) != zone_contents_serial(zone->contents) &&
+	if (do_diff && old_contents_exist && dnssec_enable && zf_serial_updated &&
 	    !zone_in_journal_exists) {
 		ret = zone_update_start_extra(&up, conf);
 		if (ret != KNOT_EOK) {
@@ -264,10 +269,6 @@ int event_load(conf_t *conf, zone_t *zone)
 		}
 	}
 
-	// The contents are already part of zone_update.
-	zf_conts = NULL;
-	journal_conts = NULL;
-
 	// Sign zone using DNSSEC if configured.
 	zone_sign_reschedule_t dnssec_refresh = { 0 };
 	if (dnssec_enable) {